Being free is no defense: Arxan finds 40% of free iOS, 80% of free Android apps have been hacked

The company found that over 40 percent of the top 15 most popular free iOS apps and 80 percent of the top 15 most popular free Android apps have been hacked. Unsurprisingly, the issue was even more common when an app was paid — the company reports 92 percent of the 100 most popular paid iOS apps and every single one of the top 100 most popular paid Android apps have been hacked.

Arxan reports the most common type of hack is to simply make a free copy of a paid app available. For apps that are already free hackers typically strip out advertising, unlock in-app purchases or bypass security measures.

Hacked versions of both free and paid apps are also commonly bundled with malware, a finding backed up by security and anti-virus software provider McAfee. The company recently reported mobile malware infections hit a 12 month high as hackers experimented with new kinds of mobile malware. The two fastest growing categories of malware are ransomware — code that holds a user’s data for ransom until money is received — and botnets that turn infected devices into “zombies” that are used to send spam or conduct DDoS attacks.

Although sometimes found in official app stores, hacked or cracked apps are most commonly found in unofficial third party app stores such as Cydia, torrent sites and app distribution sites run by third-parties and hackers. While iOS users that wish to use hacked versions of apps need to first jailbreak their device to gain root access to the iOS operating system, Android users can simply change a setting in their device preferences to allow them to download apps from any source or market. This setting, combined with the fact that apps released through Google Play aren’t encrypted (as they are in the iTunes App Store) accounts for the higher level of Android app piracy according to Arxan.